A Lightweight Image Encryption Algorithm Based on Message Passing and Chaotic Map

+e popularization of 5G and the development of cloud computing further promote the application of images. +e storage of images in an untrusted environment has a great risk of privacy leakage. +is paper outlines a design for a lightweight image encryption algorithm based on a message-passing algorithm with a chaotic external message. +e message-passing (MP) algorithm allows simple messages to be passed locally for the solution to a global problem, which causes the interaction among adjacent pixels without additional space cost. +is chaotic system can generate high pseudorandom sequences with high speed performance. A two-dimensional logistic map is utilized as a pseudorandom sequence generator to yield the external message sets of edge pixels. +e external message can affect edge pixels, and then adjacent pixels interact with each other to produce an encrypted image. A MATLAB simulation shows the cipher-image performs fairly uniform distribution and has acceptable information entropy of 7.996749. +e proposed algorithm reduces correlation coefficients from plain-image 1 to its cipher-image 0, which covers all of the plain-image characters with high computational efficiency (speed� 18.200374Mbit/s). +eoretical analyses and experimental results prove the proposed algorithm’s persistence to various existing attacks with low cost.


Background.
e rapid development of networking promotes multimedia communication and transmission. As one of the most important data carriers, multimedia contains large amounts of visual information and rich content. Multimedia plays important role and has widespread applications [1][2][3][4] in many scenarios. However, multimedia data are vulnerable to interception and modification during transmission on public communication channels. Additionally, mobile devices are vulnerable to theft and loss due to their small size in a public environment. In particular, mobile devices, such as mobile phones and tablets, integrate computing and storage. It is difficult to guarantee the security of personal information by relying solely on access control. erefore, the loss of mobile devices has serious security risks of privacy leakage [5,6]. In recent years, many interesting image encryption algorithms have been proposed based on various theories, such as Advanced Encryption Standard (AES) [7,8], DNA coding [9,10], discrete cosine transform (DCT) [11,12], and Arnold transform [13][14][15][16].
ese schemes require large computational cost that mobile terminals cannot afford. Due to the high parallelism of DNA molecules, some researchers have combined DNA technology to design highly efficient and secure encryption schemes [9,10]. However, DNA coding takes a substantial amount of time, and many devices do not have a high level of parallelism. erefore, the encryption scheme based on DNA coding is difficult to be widely used in most scenarios. DCT performs an efficient energy compaction and separability property when images have a high correlation between adjacent pixels. In [12], DCT is used for blocks' transformation to lower pixel correlation in the frequency domain. But DCT is a lossy coding scheme. Singh et al. [15] utilized a fractional Hartley transform combined with an Arnold transform to encrypt images in the frequency domain. e Arnold transform is used for pixel scrambling in image encryption studies. Its drawback is that the width and height of the original image must be identical, which limits its application scenarios to a large extent. Furthermore, the image encryption algorithm needs to have extremely high computational efficiency to reduce the impact on the user experience. Ideally, the user should have no perception of the encryption/decryption process.
ere is a great body of studies on chaotic systems [17][18][19] because of their many excellent intrinsic properties, such as ergodicity, pseudorandomness, fast computational speed, and high sensitivity. e image encryption algorithm combined with a chaotic system can yield high randomness, high key sensitivity, and fast computational speed. Parvaz and Zarebnia [17] define a combination chaotic system by using Logistic, Sine, and Tent systems and analyze its chaotic properties. And they applied the new chaotic system to design an image encryption algorithm, which is proved to be secure and practical. A twodimensional logistic map contains features, such as less periodic windows in bifurcation diagrams and a larger range of parameters for chaotic behaviors, which is more suitable for cryptography. Furthermore, an image encryption algorithm based on a two-dimensional logistic map and DNA sequence operations is proposed in [19]. In the paper, a twodimensional logistic map is utilized as the pseudorandom generator to get the external message of edge pixels. e pseudorandom sequences participate in the calculation of edge pixels and spread to the whole image with messagepassing (MP) algorithm, which guarantees the randomness and low pixel correlation of cipher-images.
MP [20][21][22] is an interesting idea for performing complicated calculations using simple and commonly distributed hardware. Simple messages are passed locally among simple processors whose operations yield a solution for a global problem. erefore, MP algorithms are widely used in various fields. e message-passing approach is intuitively appealing and suited to non-Gaussian models and nonlinear. Local impact on the global is an important feature to describe the scrambling of a cipher-image. Inspired by the idea, we discover a new application based on MP for high diffusion in the image encryption files. In this paper, as a prior message, the current pixel carries out mathematical calculations with an external message, whose result is stored in the current coordinate as a posterior message. e posterior message is passed to adjacent pixels as an external message for a new round of calculations. As the message passes to all pixels, we get the final cipher-image. e process of a message passing is based on the interaction among adjacent pixels of the image and accomplishes ciphertext security delivery. erefore, there are no additional space costs, which realize secure image encryption with low space cost.

Contribution and Organization.
A lightweight image encryption algorithm based on MP [20][21][22] and a chaotic map are proposed for content protection. A message-passing algorithm allows simple messages to be passed locally and leads to the solution of a global problem. Local impact on the global is an important feature to describe the scrambling of a cipher-image. e paper applies MP to scramble the image at the diffusion stage. Each pixel is viewed as the node of the network, and all nodes constitute the image. Two valid passing paths are chosen: one proceeds from the coordinate (1, 1) to (M, N) through a rightward and downward path, called forward propagation [23,24]. e other proceeds from the coordinate (M, N) to (1, 1) by a leftward and upward path, called backpropagation [24][25][26]. Chaotic sequences can affect edge pixels, and then adjacent pixels interact with each other to realize the image encryption. e cipher-image is subject to the strict control of the two-dimensional logistic map. erefore, the initial parameters of a two-dimensional logistic map are regarded as the security key for resistance against key sensitivity attacks. e major contributions of the proposed scheme are as follows: (1) We design a lightweight image encryption algorithm based on MP and two-dimensional logistic chaotic map, which has a high level of security with small space cost and high running performance. (2) We introduce MP to the image encryption field to yield a notable scrambling effect. Message passing yields an interaction among adjacent pixels without additional space consumption. Two valid passing paths are set to guarantee the scrambling effect associated with each pixel of the image. (3) MP allows the external message to affect edge pixels and then spread across the image. Based on this feature, we design a novel diffusion method that chaotic system is used to control the external message of MP. e security of the proposed algorithm relies heavily on a two-dimensional logistic map, which has initial parameters that are reserved as the security key. Hence, the proposed algorithm has a highly chaotic property and strong robustness against key sensitivity analysis.
e remaining sections of the paper are organized as follows. In Section 2, the preliminary proposed algorithm is introduced. In Section 3, the encryption and decryption algorithms are described. Section 4 provides simulation results and security analysis from a MATLAB platform. Finally, conclusions are drawn in Section 5.

Message Passing.
e message-passing algorithm [20] can do complicated calculations by using simple and commonly distributed hardware. Simple messages are passed locally among simple processors to provide a solution to a global problem. As an example, consider the complex calculation of counting the number of soldiers in a line who communicate single integers to the two adjacent soldiers and add one to a number. e rule includes three steps as follows: Step 1. If you are the front soldier in the line, say the number "one" to the soldier behind you Step 2. If you are the rearmost soldier in the line, say the number "one" to the soldier in front of you Step 3. If a soldier ahead of or behind you says a number to you, add one to it, and say the new number to the soldier on the other side Its abstract model is given in Figure 1. As shown in Figure 1, MP [20] has a local impact on the global, which is an important feature to yield the scrambling of the cipher-image. We introduce MP into image encryption for scrambling and define edge pixels as a set of pixels whose coordinates i � 1 or j � 1 or i � M or j � N in the M × N image. To adapt to the bidimensionality of an image, this paper extends definitions of forward propagation [23,24] and backpropagation [24][25][26] for a low correlation coefficient. Forward propagation proceeds from the coordinate (1, 1) to (M, N) on a rightward and downward path while backpropagation proceeds from the coordinate (M, N) to (1, 1) on a leftward and upward path. Based on the abstract model of message passing presented in Figure 1, we provide two-dimensional definitions of forward propagation and backpropagation of MP in the image below. Forward propagation is defined as follows: where the M × N image Mp is calculated to be Mp′ by backpropagation. e function ExF returns the computed result of the external message. Ebr of size 1 × N and Ebc of size M × 1 represent back external message sets. e coordinate (i, j) proceeds from (1, 1) to (M, N).

Two-Dimensional Logistic Map.
A two-dimensional logistic map [19,27] contains many features, such as less periodic windows in bifurcation diagrams and a larger range of parameters for chaotic behaviors, which is more suitable for cryptography. As a nonlinear recursive algorithm, a twodimensional logistic map is defined as follows: where μ 1 , μ 2 , c 1 , and c 2 are control parameters. When 2.75 < μ 1 ≤ 3.4, 2.75 < μ 2 ≤ 3.45, 0.15 < c 1 ≤ 0.21, and 0.13 < c 2 ≤ 0.15, the system can generate outstanding pseudonumbers in the region (0, 1].

Substitution Box.
Substitution box (S-box) [8,28] is an important nonlinear tool in cryptography. S-box is created by using a form of modulus mathematics that is called Rijndael's Galois field. Its arithmetic has special properties that ensure values do not exceed 2 8 , which keeps everything within a byte and is great for computers [16]. As a lookup table, S-box generally divides each number into its most and least significant nibble (4 bits). e least significant nibble identifies the column, and the most significant nibble defines the row to use in Table 1.

Encryption and Decryption
e encryption approach consists of three stages, including external message generation, forward propagation, and backpropagation. e overall architecture of the proposed cryptosystem is shown in Figure 2. External message generation is constructed by a two-dimensional logistic map [19,27], whose initial parameters are taken as the security key of the proposed cryptosystem. External message generation is utilized to generate external message sets to encrypt the edges of the image. Forward propagation [23,24] is introduced to scramble the image from front to back. When a certain pixel is altered, all the pixels behind it change. Backpropagation [24][25][26] is able to scramble the image from back to front. When a certain pixel is altered, all the pixels before it change too. e combination of forward propagation and backpropagation provides the cryptosystem with a significant feature that a variation in one pixel can affect the whole image, which ensures the proposed method could resist against multiple advanced attack methods, e.g., differential attack and chosen-plaintext attack, etc. In this paper, forward propagation and backpropagation as defined in equations (1) and (2) are described in Figures 3 and 4, Security and Communication Networks respectively, where Efr, Efc, Ebr, and Ebc, respectively, represent external message along four directions.

Encryption Approach.
e proposed algorithm takes the initial parameters of a two-dimensional logistic map as a security key. Two pairs of initial parameters (x 1 , y 1 ) and (x 2 , y 2 ) are substituted into equation (3), and then after iterating equation (3) for M and N times, respectively, the cryptosystem obtains four chaos sequences that participate in computations of forward propagation shown in Figure 3 and backpropagation shown in Figure 4. e detailed encryption steps are as follows: (1) Substituting two pairs of initial parameters (x 1 , y 1 ) and (x 2 , y 2 ) into equation (3) and iterating them for N + m and M + m times, respectively. Discarding the former m  Efr � X 1 × M × N × 10 3 mod 256, (3) Defining the function ExF in equations (1) and (2) as follows: where the function S substitutes the value of the current argument [28] according to Table 1.

Decryption
Approach. e proposed cryptosystem has an excellent feature in that the majority of encryption/decryption steps are the same. erefore, the proposed cryptosystem is easy to implement in various platforms with low costs. e detailed decryption steps are given as follows: (1) By executing steps (1-3) in Section 3.1, external message sets Efr, Efc, Ebr, and Ebc are obtained.

Security Analysis
e adversary may attempt various attack methods to break up encryption algorithms. In order to verify the security of the proposed cryptosystem, we simulate multiple attack methods to conduct security analysis from many aspects, including statistical analysis, sensitivity analysis, key space analysis, information entropy, chosen-plaintext attack, time, and space costs. Color image is composed of red, green, and blue channels. e proposed cryptosystem is implemented Efr (1) Efr (2) Efr (N) Efc (1) Efc (2) Efc   e histogram [19,29] represents the distribution of the pixel values of an image. For visual images, the distribution of their pixel values shows an obvious rule. A statistical attack is a common method to find statistical clues to break the cryptosystem. A secure cryptosystem can make the cipher-image have a uniform frequency distribution and provide as little statistical information as possible. We compare the distribution of the pixel values between the plain-image and cipher-image. Figure 6 shows that plain-images contain a large amount of statistical information while cipher-images have a fairly uniform distribution over the interval [0, 255].

Correlation Coefficients.
Due to the intrinsic features of the image, adjacent pixels perform high correlation. e correlation coefficient [29,30] is a numerical measure to evaluate the statistical relationship between two variables. e high correlation means attackers could try to infer adjacent pixel values based on probability theory. An excellent image encryption algorithm can reduce the correlation of adjacent pixels and provide a smaller correlation coefficient. We randomly choose 5,000 pairs of adjacent pixels from plain-images and cipher-images along horizontal, vertical, and diagonal directions for a correlation test. e correlation coefficient is defined as follows: where x and y are pixel values of adjacent pixels. e parameter S � 5000 is the total number of pixels. E (x) is mathematical expectations and D(x) is the variance of x. Cov (x, y) is the covariance and r xy is the correlation coefficient. Figure 7 shows the correlation distribution of Lena and its cipher-image along three directions. e correlation distribution of the plain-image is highly concentrated, while that of the cipher-image is random. It reveals that the high correlation of the image is obviously reduced. We calculate the correlation coefficients of plain-images and cipher-images according to equation (6). Table 2 reports that the correlation coefficients of plain-images are close to 1, while those of cipher-images are close to 0. Table 3 shows a comparison of correlation coefficients for the proposed scheme and other schemes from three directions for the image Lena. e proposed cryptosystem covers up all the plain-image characteristics and has confusion properties.

Mean Absolute Error.
In statistics, mean absolute error (MAE) [31,32] is a measure of the difference between two continuous variables. Here, MAE is a measure to assess the error between the plain-image P and the cipher-image C. A enough large MAE means more secure encryption effects. e definition of MAE is given by where M × N is the size of the image. e results of MAE are reported in Table 4.

Root Mean Squared Error.
In statistics, root mean squared error (RMSE) [32] reflects the average squared difference between the estimated values and what is estimated, which corresponds to the expected value of the squared error loss. RMSE is a measure to quantify the difference between the plain-image P and the cipher-image C. e definition of RMSE is given by e larger the RMSE value, the better the encryption security. e results of the RMSE are reported in Table 4. e experiment results show the significant difference between plain-images and corresponding cipher-images, which indicates strong resistance against statistical attacks.

Differential Attack.
A differential attack [33][34][35] is an effective method to break up a cryptosystem that aims to input some slightly different plain-images and compare differences of their cipher-images for attack clues. To quantify the influence of a slight change on the cipherimage, two common parameters, including the number of pixels change rate (NPCR) and unified average changing intensity (UACI), are used to measure the differences between two cipher-images. NPCR and UACI are defined as follows: Security and Communication Networks 7 where M × N is the size of cipher-images C and C ′ .
. NPCR reflects the difference in the number of different pixel values between the two images. And UACI reflects the difference of pixel intensity between two images. For two images with complete randomness, NPCR � 99.609375% and UACI � 33.463542%. Table 5 reports simulation results for a 1-bit change in plain-images for different pixels.
We add a random pixel value for two standard images to 1 and compute the results of NPCR and UACI for 1,000 times.
e mean values are shown in Table 6. Table 7 reports the comparison of NPCR and UACI for the proposed scheme and other schemes in the image Lena. Results are very close to ideal values. e simulation demonstrates an excellent ability to resist differential attacks.

Key Sensitivity Test.
e key sensitivity test [10,30] checks the sensitivity of the cryptosystem to the security key. e test method includes two aspects. One encrypts the plain-image with the security key and decrypts the corresponding cipher-image with a key that is wrong by a 1-bit change in the security key, as seen in Table 8 and Figure 8. e other encrypts images by two keys that differ by only 1 bit and measures the differences between their cipherimages using NPCR and UACI. Table 9 reports the average NPCR and UACI between two cipher-images when the security key is added error x 1 + 10 −12 . e results show that a slight change in the security key can cause significant differences, and the cryptosystem passes the key sensitivity test.        [29] 0.995964 0.334762 [31] 0.996124 0.334591 [34] 0.996216 0.336510 [35] 0.996107 0.334436

Key Space Analysis.
A brute-force attack means that attackers try all possible security keys through an exhaustive key search until the correct one is found. A secure cryptosystem would have enough key space to defend against a brute-force attack. e proposed algorithm takes two pairs of initial parameters, (x 1 , y 1 ) and (x 2 , y 2 ), from the twodimensional logistic map as the security key. e design provides a flexible size for the key space to meet requirements for all levels of security. e simulation employs a 10 48 -bit security key, which is larger than 2 128 [36,37]. It provides enough key space to resist all kinds of brute-force attack.
us, the proposed cryptosystem is suitable for privacy protection of photos in multiple terminal devices.

Information Entropy.
Information entropy [8,38] quantifies the amount of information in a stochastic source. As an important mathematical parameter, it is used to evaluate the consistent distribution of pixel values. When the probability of each gray value of the image is equal, the information entropy of the image is the maximum. e definition of information entropy is given as follows: where p (s i ) represents the probability of the symbol s i . e ideal information entropy is H(s) � 8 for a 2 8 -bit stochastic source. erefore, the information entropy of cipher-images encrypted by a good cryptosystem should be close to 8 for grayscale images or a channel of color images. e calculation of information entropy for cipher-images Figure 5(a)-5(d) is presented in Table 10. Information entropy is related to the size of the image. Table 11 reports the comparison of average entropy between the proposed scheme and other schemes for 512 × 512 images. e results reveal the uncertainty and degree of ambiguity in the cipher-image.

Ciphertext and Plaintext Attack.
In cryptography, the ciphertext and plaintext attacks are common methods to cryptanalyze a cryptosystem. Adversaries deploy specific attack approaches based on different scenarios and assumptions. According to adversary's knowledge, the ciphertext and plaintext attacks could be divided into ciphertext-only attack, known-plaintext attack, and chosenplaintext attack [9]. Ciphertext-only attack assumes that an adversary only could obtain a set of ciphertexts. Knownplaintext attack assumes that an adversary could obtain a set of plaintexts and corresponding ciphertexts. And chosenplaintext attack assumes that an adversary could access arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. Obviously, chosen-plaintext attack provides the most information for adversaries among three attack assumptions. If the cryptosystem is able to defend the chosen-plaintext attack, it is also believed to resist against the other two attacks.
In the proposed cryptosystem, we apply the two-dimensional logistic map to generate the chaotic sequences as the external message, which cannot be recovered by means of chosen-plaintext images. Moreover, the novelty of the proposed algorithm is that we introduce MP to the image encryption process for a notable scrambling effect. As shown in equations (1) and (2), forward propagation and backpropagation allow the external message to affect edge pixels and then spread across the image. erefore, the encryption result of every byte is affected by the contents of the previous bytes. e experimental results in Section 4.2.1 show high sensitivity of the proposed method to plain-images, which ensures the cryptosystem could resist against the chosenplaintext attack.

Time and Space Cost.
In the encryption algorithm based on chaotic sequences, a large amount of computation time is spent on multiplication for multiple rounds [39][40][41]. In this phase, the time complexity of the proposed algorithm is O (2 ×m + 2 × M + 2 × N). In the encryption/decryption phase, forward propagation and backpropagation need to execute M × N times. Considering the lack of high parallelism in mobile devices, the time complexity is O (2 × M × N). us, the time complexity of the cryptosystem is O e encryption process is simulated for 512 × 512 images 1000 times and gets the total time as 109.887853 s. us, the real encryption speed is 18.20037 Mbit/s. e cryptosystem performs with high encryption efficiency and is acceptable for mobile phone users. Table 12 compares the encryption efficiency with different encryption algorithms and displays a fast running performance for the proposed cryptosystem.
In terms of space cost, the proposed algorithm needs O (M + N) to store external message sets produced by a twodimensional logistic map. In the encryption/decryption phase, message passing is conducted inside the image and does not have an extra space cost. However, the S-box occupies 256 bytes for nonlinear substitution.
us, the space complexity of the cryptosystem is O (M + N + 256), which is applicable to mobile phones.

Conclusion
is paper demonstrates a lightweight image encryption algorithm based on message passing and a two-logistic map with low time and space costs. Compared to the M × N space cost of traditional chaotic algorithms, the proposed algorithm only requires M + N bytes to store external message sets from a two-dimensional logistic map, which is utilized as a pseudorandom generator to yield the external message sets of edge pixels. e external message sets affect edge pixels, and then adjacent pixels interact with each other to realize the image encryption. Message passing provides a novel approach for scrambling pixels inside an image without additional space costs. e simulation shows the cipher-image performs fairly uniform distribution with correlation coefficients close to 0, an acceptable information entropy of 7.996749 with a high computational efficiency (speed � 18.200374 Mbit/s). Additionally, the cryptosystem provides a flexible size for the key space to meet requirements for all levels of security. e experiment proves that the algorithm can resist key sensitivity analysis even if the key space is large enough. e cryptosystem can resist various attack techniques, including statistical attack, differential attack, known-plaintext attack, and brute-force attack with low time and space overheads. us, we demonstrate that the proposed algorithm can resist various existing attacks with low time and space cost.

Data Availability
Our experimental data come from an open-source database.

Conflicts of Interest
e authors declare that they have no conflicts of interest regarding the publication of this article.